@thomasrdotorg ABC Radio National now has Skype in their studios. I did a live spot from San Francisco. http://t.co/57MnFtzCSH
RT @SnarkyPlatypus: It’s a ménage a trois between#4cornerss,@stilgherriann and the BBC in China. [Oh don’t start…]
And… we’re clear.
Cool, the @4corners reporter @AndrewJFowler is on this too. He’s started.
I’m connected to the @bbcworldservice mothership via Skype. I’m waiting for them to finish Syria. Stream at http://t.co/N0VPjGrCnF #whys
@skwashd Oh I saw the pun, so you’re OK. I’m just a humourless bunt.
@skwashd Oi! Still, I’m not sure who dobbed me in to @bbcworldservice for this program. #whys
@stephhegarty And I’m ready on Skype for a line check whenever you want. :)
This @bbcworldservice spot coming up, there’s a hashtag #whys if you want to comment.
@stephhegarty I can’t DM you (you’re not following?) but all received. Ready and waiting.
So yes, talking ASIO hack etc on @bbcworldservice @BBC_WHYS at 2045 AEST / 1145 BST, streamed live at http://t.co/N0VPjGrCnF
@snare @bbcworldservice Some Photoshop work may be required…
@snare @bbcworldservice Hang on, is it still a dart in the face if I use the word “cyber” in quotes to point out why it’s silly?
@snare @bbcworldservice I have my moments.
@stephhegarty Cheers, Steph, looking forward to it.
@snare @bbcworldservice And rightly so. My stance on the #cyber #cybercyber nomenclature is clear.
BernardKeane twitter is great for angry people to have entire conversations with you that you at no stage participate in
So at 2045 AEST / 1145 GMT I’ll be joining a panel on @bbcworldservice to talk about the ASIO hack thingy. Weird day.
“Big Data is bovine excrement says Obama’s Big Data man”, writes @ssharwood http://t.co/NwKGeYsVfM #SecurityCeBIT
“Huawei: ‘trust us, we are being transparent’”, writes @R_Chirgwin http://t.co/eU7utytKwc #SecurityCeBIT
“Ludlam, Brandis clash on privacy in cyber debate”, writes @WatchAdam http://t.co/JXxMYGfH16 #SecurityCeBIT
“Coalition wants money for ASIO, but Greens want privacy”, writes @mukimu http://t.co/OnWRztIL6X #SecurityCeBIT
“Research for unhackable UAVs could be used for BYOD: NICTA”, writes @mukimu http://t.co/9zVXqY0wqi #SecurityCeBIT
“Don’t expect vendors to bring up security: Huawei”, writes @alliecoyne. http://t.co/b28FxcBgGx #SecurityCeBIT
Right, time to see what’s been written about #SecurityCeBIT, gather my thoughts, and assemble some paragraphs.
Oh, I should mention that I’ve left #SecurityCeBIT so I can clear my head and write. It’s safe to follow me again now. Kinda.
@lomantik Oh yes, few politicians can resist the urge to turn every event into an electoral pitch.
@MikeCarlton01 True, but @rbersten says it’s already there, under the suit.
Brandis: “I have a high confidence in the ability of the Coalition to stem the high flow of irregular maritime arrivals.” #SecurityCeBIT
Me from 2011: “Yet another free pass for Aussie spooks: Do our politicians fear questioning ASIO?” http://t.co/XbqGJEiNa7 #SecurityCeBIT
“ASIO’s mislaid plans hardly a Chinese cybersecurity attack”, writes @BernardKeane http://t.co/vgDKD1JfMS #SecurityCeBIT #cyber #cybercyber
Brandis runs thru, oh, what’s this? “The Threat Landscape, Reader’s Digest Edition 2010”. Threats are getting more complex! #SecurityCeBIT
Brandis is now doing an election-year stump speech, (mis)cites numbers from Symantec’s Internet Security Threat Report #SecurityCeBIT
Brandis notes that Australian Cyber Security Centre has no new funding, refers to “already depleted national security budget” #SecurityCeBIT
@GiovanniTorre There is no chant of “Booooooorandis”, but I still think @SenatorLudlam could punch him out for the lulz.
“Cyber attack on ASIO headquarters”, is what it’s being described as. #SecurityCeBIT
Brandis is running through the usual framing of terrorism as a big threat, and last night’s @4corners. #SecurityCeBIT
@SenatorLudlam Will you be still here for afternoon tea?
@SenatorLudlam Well, indeed. I’ve just had a long day, and the filler acts before you went on had me browsing gun catalogues.
“Demand more transparency from us and vendors: Huawei”, writes @mukimu http://t.co/H6NxvK1WZp #SecurityCeBIT
@GiovanniTorre The studio audience is most polite. There was simply quiet applause. But we’ll see what happens at the end.
Brandis: The fear of terrorism has come to overtake the fear of war, but terrorism is not new. #SecurityCeBIT
Brandis: Wishes to focus his remarks on appropriate response to terrorism, and for this room, cyber terrorism. #SecurityCeBIT
Senator Brandis has arrived. A somewhat more formal style, and waffling on about airports and fog. #SecurityCeBIT
Ludlam just referred to the “Telecommunications and surveillance annual report”s. They’re here. http://t.co/Cg3KEI5esR #SecurityCeBIT
Yesterday Ludlam asked PM&C how many agencies have been using s313 requests to block websites. They don’t know. #SecurityCeBIT
I won’t tweet all the details of this speech, since it’s familiar territory, just a few new things. #SecurityCeBIT
Ludlam outlines the scale of warrantless comms metadata requests already, 300k/year. Those articles have last year’s stats. #SecurityCeBIT
This is really Ludlam’s standard intro to the topic. See these from Jan 2012. http://t.co/MV4pPBjnOF http://t.co/DbHUaGF05P #SecurityCeBIT
Ludlam explains criteria for phone intercepts now: suspected of serious crime, names targets, warrant required. #SecurityCeBIT
Ludlam first. He’s suspicious of all talk of “balance” in these matters ‘cos there isn’t one. #SecurityCeBIT
Dear Conference Moderators Everywhere, you do not have to read out everyone’s full bio when there’s a printed program. FFS! #SecurityCeBIT
Finally! @SenatorLudlam vs Senator Brandis on “Balancing Privacy and Civil Liberties in the Age of Cyber Security” #SecurityCeBIT
Pro Tip: Always play Russian Roulette with a revolver, not an automatic.
And a gun. For every “cyber”, one shot of tequila and one round of 9mm. #SecurityCeBIT
Next time I’m bringing booze and taking a shot every time someone says “cyber”. #SecurityCeBIT
On screen now, the World Economic Forum’s Cyber Risk Framework, found on p13 of this PDF. http://t.co/qbjNkNZlBc #SecurityCeBIT
@oberonsghost I DON’T WANT A CLEAN HANKY I WANT A GUN AND A COUPLE BOXES OF AMMUNITION.
Arronis: Security needs not to be a list of don’ts from the practitioners, but an ongoing discussion about risk. #SecurityCeBIT
Arronis: Overarching objective of security process is to make better risk-based decisions. [We’re going conceptual, folks.] #SecurityCeBIT
Arronis’ theme seems to be consistency in security processes, the hows and whys. #SecurityCeBIT
Arronis has begun by quoting Oscar Wilde and Aldous Huxley. OK then. #SecurityCeBIT
Up now, “Managing Security Across Multiple Organisations” with George Arronis, Head of ICT Security and Risk, Serco. #SecurityCeBIT
Now we’re talking! http://t.co/MweXhIFMfl http://t.co/TpUYIUErbF
For some reason, just now, I find myself browsing the merchandise available here. nighthawkcustom.com
“A key part of any contract is the service level agreement.” I would like to start crying now. May I start crying? #SecurityCeBIT
ISO 27001! Drink! #SecurityCeBIT
“There is a lot of guidance available on the internet for free.” #SecurityCeBIT
@franksting @ssharwood There’s no need to gloat.
@rashasman Please give Skywhale my fond regards.
The time-travel tedium of this presentation is magnified by the fact we’re waiting for @SenatorLudlam vs Senator Brandis. #SecurityCeBIT
@ssharwood We have an official #SecurityCeBIT hashtag, and I feel like we’re in… when? 2009?
“Government hacking attempts ‘standard espionage practice’: Huawei”, writes @j_hutch http://t.co/xHkylmNtfQ #SecurityCeBIT
So far this is “Cloud Risks and Mitigations 101”, so I hope it picks up soon. #SecurityCeBIT
@joneaves Will do. My understanding of most things crypto is wobbly. Shortcuts to moderate understanding are needed.
@ApostrophePong @sylmobile I managed to keep my language under control when in The America last week. Week before, sorry.
Praise the lard, Tufek is not going to talk about cloud computing. [Puts down crossbow.] #SecurityCeBIT
Up now, “Mitigating Security Challenges Posed by Cloud Service Adoption” with Wayne Tufek, Uni of Melbourne. #SecurityCeBIT
Change of running order, as Senator Brandis’ plane has been delayed. #SecurityCeBIT
Skipping “A Cyber-Crime Case Study: Using Social Media to Impersonate Brands, Build Trust, and Commit Fraud”, sorry. #SecurityCeBIT
@ApostrophePong Your office clearly needs more Australians.
@rashasman Why are you in Sydney, and what can be done about this?
@simone_au Scroll back.
Half-time warning. I’m tweeting today from CeBIT Cyber Security http://t.co/2TAgEigAkI Filter out #SecurityCeBIT to avoid the flood.
EVEN MOAR about the car-hacking stuff, the academic end. http://t.co/6RReydYiff #SecurityCeBIT HT @hardy_bm
@joneaves I think I’ve grokked what you’re saying there. Will certainly be clear about that if I end up writing about this at all.
@OkanovicM Thanks for all your help there, much appreciated. It’s hard to find links while also trying to absorb the presentation.
L U N C H . #SecurityCeBIT
Better link for the car-hacking story. http://t.co/e2fGpWHoT6 #SecurityCeBIT HT Gerwin Klein via @OkanovicM
Also have a Red team, for attack and penetration testing and internal audit. Focus on business process hacking. #SecurityCeBIT
Includes cyber defence analysts, using tools like Palantir’s to discover connections etc. #SecurityCeBIT
Stiennon introduces cyber defence team, Lockheed-Martin style, led by Cyber Commander, who’s also law enforcement liaison. #SecurityCeBIT
Stiennon proposes a new job title, as we had CISOs as a new thing. “Cyber Commander”? (Too militaristic for business?) #SecurityCeBIT
How do we survive in the age of weaponised malware? Countering targeted attacks needs a coordinated response. #SecurityCeBIT
That is, the tech-advanced nations selling cyber-arms to mid-ranking nations in exchange for… stuff. #SecurityCeBIT
Stiennon wonders if the cyber-arms industry that seems to be developing will end up like the arms industry? #SecurityCeBIT
More on the NICTA / DARPA high-assurance cyber-military systems work. http://t.co/Tf07AWfpiT #SecurityCeBIT HT @OkanovicM
The hack-car-with-music story Dr Steel told? Here! (Was it actually done?) http://t.co/cTvApOAIXT #SecurityCeBIT HT @OkanovicM
Stiennon counts the Age of Cyberweapons from this article. http://t.co/P05lu2LivO 362 days and counting! #SecurityCeBIT
@joneaves Will clarify when checking the recording.
Stiennon estimates that the MD5 hash collision used by Flame to forge a MSFT cert would’ve cost $250k of Amazon cloud time. #SecurityCeBIT
“Every single certificate authority (CA) is trusted in every single web browser.” [Aren’t there ~500 CAs?] #SecurityCeBIT
Stiennon: “You cannot trust software any more.” The digital signature process is thoroughly corrupted. #SecurityCeBIT
Stiennon’s current slide is headed: “Software updates: the pre-approved backdoor”, ‘cos we just let them in. #SecurityCeBIT
Stiennon dismisses “Why attack me? I have nothing” with a reminder of you being a stepping-stone. #SecurityCeBIT
Stiennon used to strike out cybercrime from that list, until about three years ago. It’s more a timeline than a hierarchy. #SecurityCeBIT
Stiennon’s old hierarchy of threats: exploratory hacking, vandalism, hacktivism, cyber crime, state-sponsored cyber attacks. #SecurityCeBIT
@OkanovicM Cheers. Would also love a reference for her story about an audio file that can take over a car. Sounds… fun. ;)
Next up, Richard Stiennon (@cyberwar), Chief Research Analyst, IT Harvest. #SecurityCeBIT
Aim is to do verified software at 2x cost of developing standard software, and they’re “close” to that. #SecurityCeBIT
Steel notes that so much infosec is patching. “We need to be building systems more reliably in the first place.” #SecurityCeBIT [Yes!]
Steel reckons that as tools get faster and they can synthesize software from proven specs, it’ll be the way things are done. #SecurityCeBIT
@thisisbrad Will chase. Slides moving too fast.
And they’re working on generating stuff from proven-correct code, e.g. synthesising file systems. #SecurityCeBIT
I can’t summarise this, but they’re doing some architecture that reduces the amount of code that needs formal verification… #SecurityCeBIT
@OkanovicM Is there a good link to the material Dr Steel is presenting now? My computing science background is… gurgling. ;)
Why their emphasis on formal verification? Software checking and audit is only 85% effective. Not good enough. #SecurityCeBIT
Yes, those NICTA links were the right ones, confirms @OkanovicM. (Thanks!) #SecurityCeBIT
So, a tune that plays OK, except on a certain car stereo, where it causes a buffer overflow and takes over the car. Done. #SecurityCeBIT
RT @dannolan: change anything on that system and you have to proof it again from first principles [Correct, but they have tools for that.]
But more importantly, the DARPA work is about… drones! #SecurityCeBIT
Work with DARPA extends this to embedded systems, eventually for things like medical devices, cars, manufacturing systems. #SecurityCeBIT
They’ve since extended their proven-correct software methodology to device drivers etc, traditionally bug-heavy code. #SecurityCeBIT
Currently she’s backgrounding their proved-correct software. ertos.nicta.com.au/research/sel4/ ssrg.nicta.com.au/projects/TS/ [Correct links?] #SecurityCeBIT
Up now, Dr Jodi Steel from NICTA on their work with US Defense Advanced Research Projects Agency (DARPA). #SecurityCeBIT
@craigdeveson Alas no Sydstart for me. Covering a bunch of infosec-related things this week. Break a leg!
“DSD’s ‘don’t be stupid’ mitigation strategies still work”, writes @R_Chirgwin http://t.co/9PVuOLov3W #SecurityCeBIT
Sorry, Michael Sentonas from McAfee, I had to skip your presentation to look at something else, but I know where to find you. #SecurityCeBIT
Morning tea time. #SecurityCeBIT
@pooch02 There is that, yes.
Morgan says we have an extreme shortage of penetration testers. The schools are churning out enough. [“Schools”?] #SecurityCeBIT
@pooch02 Again, that’s one data breach, not total pwnage like Nortel. US and EU have mandatory data breach notification laws.
@chrisjrn You’re referring to Aurora? Google weren’t saying they were pwned, but under attack. Nortel was completely pwned globally.
Suffolk: We’re all running on fuzzy data… the impact of data breaches isn’t appearing on balance sheets. #SecurityCeBIT
Stiennon: Yes, Nortel. But it took them ten years. [The book “Underground” includes some coverage of that.] #SecurityCeBIT
Q: Has any company ever owned up to their shareholders that their company was totally pwned? #SecurityCeBIT
Morgan predicts in 24-48 months SEC etc will demand cyber security compliance statements, like they demanded Y2K compliance. #SecurityCeBIT
Stiennon: Lockheed-Martin shows a weekly chart to management of ongoing cyber ops against them, how far they’ve got in #SecurityCeBIT
@indigoid Don’t worry, I will ready myself a question for the panel.
Sentonas quotes @4corners, 50 to 60% increase in “cyber intrusions” in Australia in the last 12 months. #SecurityCeBIT #cyber #cybercyber
Panel: David Gee, CIO CUA; Suffolk; Richard Stiennon (@cyberwar); Prof Kenneth Morgan, Retired Professor-at-Large, UWA. #SecurityCeBIT
Next up, Security Leaders Panel: New and Emerging Security Threats.
Facilitator is Michael Sentonas from McAfee. #SecurityCeBIT
Suffolk says unique malware, tested to be undetected by major vendors, now costs $250 including support. Sounds about right. #SecurityCeBIT
@dfg77 Oh there was commentary about software, firmware etc too.
@SnarkyPlatypus He was formerly the CIO of the UK government. Is that a Cylon?
Just be aware, my Twitter stream is random soundbites, ‘cos I’m making my core notes elsewhere. #SecurityCeBIT
@dannolan Who can tell? They’ve left the building!
@cyberwar I’m one of the rapidly-typing media folk in the second-back row on the left. Will catch you at coffee break.
On trusting your supply chain, Suffolk notes that 70% of components in Huawei kit is not from China. 32% from US. #SecurityCeBIT
Suffolk: Legal difference between buying zero day exploits and 225ml tube of toothpaste? Can’t take toothpaste on a plane. #SecurityCeBIT
DSD has left the building. We’re allowed in now. Next up, John Suffolk, Global Cyber Security Officer, Huawei. #SecurityCeBIT
I might go downstairs and annoy @paulwallbank
@LozVox I’m thankful it wasn’t. Though I was in a quiet spot before searching.
Laughing.
@LozVox Hehe. Hey I didn’t know what it was either.
@ozdj Yes, but the Cyber Security conference has the potential to contain useful bits.
@LozVox Well I can hardly be held responsible for your actions!
@cjoye Thanks for that.
I’m at CeBIT Cyber Security all day. http://t.co/2TAgEigAkI Filter out #SecurityCeBIT to avoid my… steady stream.
So I looked up Femen. Right. I see.
@chrisjrn Oh I’ve upset the spooks dozens of times, and praised them dozens of others.
The opening plenary is over at The Star, and sold out, so bugger that.
Yep, Hannover Fairs staffer has just politely evicted me from the conference room. DSD requirement. #SecurityCeBIT
On hold for @radioadelaide. Live stream at radio.adelaide.edu.au
RT @j_hutch: not that it’s a keynote speech at a public conference or anything. [Yeah, it’s a bit silly. But it was standard practice.]
RT @paulkidd: are they going to make the people who are let in sign secrecy agreements? [I’ll go and ask once I’ve done this radio spot.]
RT @paulkidd: BUT IT’S 2013 AND EVERYONE IS THE MEDIA [Yes, exactly. I wonder how many covert recordings will be made.]

Most important! instagram.com/p/Z1NfXuCFmb/
Shortly I’ll be talking Labor vs Coalition NBN policies on @radioadelaide at 0745 ACST / 0815 AEST. Audio stream at radio.adelaide.edu.au
I’ve just been told that the opening keynote at #SecurityCeBIT, by the bloke from DSD, is not open to the media.

Into the fog instagram.com/p/Z1Kg84CFiT/
Mobile: Check out; walk to Sydney Exhibition & Convention Centre; find quiet spot for 0815 radio interview; enter the Cave of Doom.
@R_Chirgwin @diodesign Said epic rant about Android UI was in a podcast, “The 9pm Bus Ride” stilgherrian.com/edict/00023/
@charispalmer @liztayau You’re probably right. :/
@liztayau @charispalmer I’m such a party-pooper, I know.
@cjoye Was the second one actually in the FoI doc? I was directed to a specific page by an RBA staffer, didn’t see the other? #deadline
Even though I’m kinda being a replacement @liztayau for @iTnews_au today, I told @charispalmer that I refuse to frock up.
@bengrubb “Heh” was a slight little snicker at ASIO’s “good fortune” in this case, or is it “awesome skills”?
“Blueprints for new ASIO headquarters ‘stolen’”, wrote @bengrubb yesterday. Orly? Heh! http://t.co/Ab7iFrJlSN
“NBN Co to beat its June rollout target”, writes @rycrozier http://t.co/okMCWFFRgf
@CeBITAus Oh thanks, Tony. Boy, do you get around!
@SnarkyPlatypus Obviously.
@CeBITAus Is there a separate hashtag for today’s Cyber Security stream, separate from or in addition to the general #CeBITAus?
I’ll be talking Labor vs Coalition NBN policies on @radioadelaide at 0745 ACST / 0815 AEST. Audio stream at radio.adelaide.edu.au
@cyberwar Ah, I just saw your name on the program. It looks like we’ll actually meet up today!
@cjoye Ah, I meant to reply to your email, which did get to me, but I was on other things and then forgot. I’ll be in touch later this week.
@SnarkyPlatypus No, I will be the very picture of tolerance today. I am strong. I am invincible.
Tue plan: 0815 radio spot, phone; 0845-1745 CeBIT Cyber Security http://t.co/2TAgEigAkI; report on same for @iTnews_au; crawl away and die.
@SnarkyPlatypus Hello. I think I may regret today. It will be long and boring. And you?
Oh hello, Tuesday.